[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: partial locking and access control
Andy Bierman <firstname.lastname@example.org> wrote:
> I want the partial lock to only be a super-simple Xpath
> expression that only includes the QNames and [index1='foo'][index2='bar']
> type of expressions. It would be good if access-control works the
> same way, if there ever is a standard for NETCONF access control.
> Fancy stuff like "lock all the interfaces to Chicago that
> have the 'gold-service' feature enabled" can wait
> for Version 2 of the standard. Start simple and prove
> that this approach is secure and interoperable.
> I don't mind defining a safe subset of Xpath that MUST be supported
> by every agent, just like <lock>. I have an objection making
> full Xpath mandatory for RFC 4741 compliant agents.
That was never the intent of course. partial-locking is an optional
capability. And the intention was also to support the general xpath
part only if your implementation also supported the :xpath
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.